Key Diversification Data is used to obtain the keys for that card by applying an algorithm to those bytes (which should be unique to the card) using a Master Key.
There are two widely used key derivation algorithms:
- Visa2
- EMV-CPS
They are very similar: they take a few of the 10 bytes of the Key Diversification Data from the response to INITIALIZE UPDATE, append a few fixed bytes and then encrypt them with 3DES, using the Master Key as the encryption key.
The "fixed bytes" are different, so we get the three SCP02 keys we need:
- 'F001' gives us the ENC key
- 'F002' the MAC key
- 'F003' the DEK key
Hope this helps! It is not described in the GlobalPlatform spec, so it takes a while to learn it.
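
The derivation described in this answer, as an added example that is not part of the original post: it builds the 16-byte diversification block for both schemes and encrypts it under a 16-byte master key. The exact KDD byte positions, the `0F xx` suffix on the second half, and the function names are assumptions based on how open-source GlobalPlatform tooling commonly implements these schemes; the post itself only says "a few of the 10 bytes". The key and KDD values are constructed samples.

```go
package main

import (
	"crypto/des"
	"encoding/hex"
	"fmt"
)

const ENC, MAC, DEK byte = 0x01, 0x02, 0x03 // F001 = ENC, F002 = MAC, F003 = DEK (from the post)

// DiversificationBlock builds the 16-byte 3DES input. Byte selection is an assumption
// (not stated in the post): VISA2 = KDD[0:2]+KDD[4:8], EMV CPS = KDD[4:10].
func DiversificationBlock(scheme string, kdd []byte, purpose byte) ([]byte, error) {
	var part []byte
	switch {
	case len(kdd) != 10:
		return nil, fmt.Errorf("KDD must be 10 bytes, got %d", len(kdd))
	case scheme == "visa2":
		part = append(append(part, kdd[0:2]...), kdd[4:8]...)
	case scheme == "emv":
		part = append(part, kdd[4:10]...)
	default:
		return nil, fmt.Errorf("unknown scheme %q", scheme)
	}
	half := func(tag byte) []byte { return append(append([]byte{}, part...), tag, purpose) }
	return append(half(0xF0), half(0x0F)...), nil
}

// DeriveKey encrypts both 8-byte halves with 2-key 3DES in ECB mode (K1||K2||K1 for Go).
func DeriveKey(master []byte, scheme string, kdd []byte, purpose byte) ([]byte, error) {
	block, err := DiversificationBlock(scheme, kdd, purpose)
	if err != nil || len(master) != 16 {
		return nil, fmt.Errorf("need a 16-byte master key and valid input (%v)", err)
	}
	c, _ := des.NewTripleDESCipher(append(append([]byte{}, master...), master[:8]...))
	out := make([]byte, 16)
	c.Encrypt(out[:8], block[:8])
	c.Encrypt(out[8:], block[8:])
	return out, nil
}

func main() {
	master, _ := hex.DecodeString("404142434445464748494a4b4c4d4e4f") // constructed sample key
	kdd, _ := hex.DecodeString("00001122334455667788")               // constructed sample KDD
	for _, p := range []byte{ENC, MAC, DEK} {
		k, err := DeriveKey(master, "emv", kdd, p)
		fmt.Printf("EMV-CPS F0%02X -> %X (err: %v)\n", p, k, err)
	}
}
```

Because the KDD is unique per card, a leaked set of derived keys exposes only that one card, while the master key should stay inside an HSM.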